Who We Are

The Ministry of Communications and Information (MCI) is a ministry of the Government of Singapore. MCI’s mission is to connect our people to community, government and opportunity, enabled by trustworthy infrastructure and technology.

Cyber Security

MCI and Cyber Security Agency (CSA) work with government agencies and private organisations to build resilient infrastructure, create a safe cyberspace, develop a vibrant cyber ecosystem and strengthen international partnerships.

Digital Defence

Digital Readiness

Comprising representatives from the public, private and people sectors, the digital readiness initiative aim to develop strategies and principles for building digital readiness for Singaporeans, with a particular emphasis on those who might be at risk of being excluded from opportunities in the digital future.

Infocomm Media

The convergence of infocomm and media has changed the way the infocomm and media sector is organised. MCI and IMDA work together to ensure our businesses and people seize opportunities in the infocomm and media sector and that the regulatory environment keep pace with the developments, remain conducive for businesses and protect consumers’ interest.

Libraries

Personal Data

MCI, through the Personal Data Protection Commission (PDPC) in IMDA, oversees and crafts policies to strengthen Singapore’s personal data protection regime. It aims to raise awareness of the importance of data protection among Singaporeans and assist businesses in building up their data protection capacity.

Public Comms

MCI plays an important role in public communications. Through listening to citizens and explaining the government policies, MCI ensures that Singaporeans are heard, connected and engaged as citizens of Singapore.

Careers and Grants

Careers

As a part of MCI, you will play a key role in remaking Singapore. We work towards our vision by formulating policies to develop and promote Singapore’s infocomm and media sectors. We also foster greater understanding between the Government, Singaporeans and stakeholders by facilitating effective public communications.

Job Vacancies

Scholarship

MCI offers scholarships to candidates with a passion for government communications work. Upon graduation, scholars can look forward to a rewarding and challenging career spanning various portfolios and responsibilities, as well as a comprehensive development plan comprising professional and leadership training, secondments and attachments to other ministries and external agencies.

SingHealth's IT system target of cyberattack

Category:
Personal Data, Cyber Security

Type:
Press Releases

SINGHEALTH’S IT SYSTEM TARGET OF CYBERATTACKSafeguard Measures Taken, No Further Exfiltration Detected

SingHealth’s database containing patient personal particulars and outpatient dispensed medicines has been the target of a major cyberattack.

2About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their non-medical personal particulars illegally accessed and copied. The data taken include name, NRIC number, address, gender, race and date of birth. Information on the outpatient dispensed medicines of about 160,000 of these patients was also exfiltrated. The records were not tampered with, i.e. no records were amended or deleted. No other patient records, such as diagnosis, test results or doctors’ notes, were breached. We have not found evidence of a similar breach in the other public healthcare IT systems.

3Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS)1 confirmed that this was a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs.

5On 4 July 2018, IHiS’ database administrators detected unusual activity on one of SingHealth’s IT databases. They acted immediately to halt the activity. IHiS investigated the incident to ascertain the nature of the activity, while putting in place additional cybersecurity precautions. On 10 July 2018, investigations confirmed that it was a cyberattack, and the Ministry of Health (MOH), SingHealth and CSA were informed. It was established that data was exfiltrated from 27 June 2018 to 4 July 2018. SingHealth lodged a police report on 12 Jul 2018. Police investigation is ongoing.

6With heightened monitoring, further malicious activities were observed. However, no further illegal exfiltration has been detected since 4 July 2018. All patient records in SingHealth’s IT system remain intact. There has been no disruption of healthcare services during the period of the cyberattack, and patient care has not been compromised.

7IHiS, with CSA’s support, has implemented further measures to tighten the security of SingHealth’s IT systems. These include temporarily imposing internet surfing separation. We have also placed additional controls on workstations and servers, reset user and systems accounts, and installed additional system monitoring controls. Similar measures are being put in place for IT systems across the public healthcare sector against this threat.

Investigations by CSA

8CSA has ascertained that the cyber attackers accessed the SingHealth IT system through an initial breach on a particular front-end workstation. They subsequently managed to obtain privileged account credentials to gain privileged access to the database. Upon discovery, the breach was immediately contained, preventing further illegal exfiltration.

Patient Engagement

9From today, SingHealth will be progressively contacting all patients who visited its specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018, to notify them if their data had been illegally exfiltrated. All the patients, whether or not their data were compromised, will receive an SMS notification over the next five days. Patients can also access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident.

Further Actions

10MOH has directed IHiS to conduct a thorough review of our public healthcare system, with support from third-party experts, to improve cyber threat prevention, detection and response. Areas of review will include cybersecurity policies, threat management processes, IT system controls and organisational and staff capabilities. Advisories have been sent to all healthcare institutions, public and private, on the cybersecurity precautions and measures to be taken.

11The Government takes a serious view of any cyberattack, illegal access of data or action that compromises the confidentiality of data in Singapore. The Minister-in-Charge of Cyber Security will establish a Committee of Inquiry to conduct an independent external review of this incident.

Ministry of Communications and Information, and Ministry of Health20 July 2018

--------------------------------------------------------------------------------------------------------------------------[1]Integrated Health Information Systems (IHiS) is the technology agency for the public healthcare sector. It runs the public healthcare institutions’ IT systems.

08 Jul 2019

SINGHEALTH’S IT SYSTEM TARGET OF CYBERATTACKSafeguard Measures Taken, No Further Exfiltration Detected

SingHealth’s database containing patient personal particulars and outpatient dispensed medicines has been the target of a major cyberattack.

2About 1.5 million patients who visited SingHealth’s specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018 have had their non-medical personal particulars illegally accessed and copied. The data taken include name, NRIC number, address, gender, race and date of birth. Information on the outpatient dispensed medicines of about 160,000 of these patients was also exfiltrated. The records were not tampered with, i.e. no records were amended or deleted. No other patient records, such as diagnosis, test results or doctors’ notes, were breached. We have not found evidence of a similar breach in the other public healthcare IT systems.

3Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS)1 confirmed that this was a deliberate, targeted and well-planned cyberattack. It was not the work of casual hackers or criminal gangs.

5On 4 July 2018, IHiS’ database administrators detected unusual activity on one of SingHealth’s IT databases. They acted immediately to halt the activity. IHiS investigated the incident to ascertain the nature of the activity, while putting in place additional cybersecurity precautions. On 10 July 2018, investigations confirmed that it was a cyberattack, and the Ministry of Health (MOH), SingHealth and CSA were informed. It was established that data was exfiltrated from 27 June 2018 to 4 July 2018. SingHealth lodged a police report on 12 Jul 2018. Police investigation is ongoing.

6With heightened monitoring, further malicious activities were observed. However, no further illegal exfiltration has been detected since 4 July 2018. All patient records in SingHealth’s IT system remain intact. There has been no disruption of healthcare services during the period of the cyberattack, and patient care has not been compromised.

7IHiS, with CSA’s support, has implemented further measures to tighten the security of SingHealth’s IT systems. These include temporarily imposing internet surfing separation. We have also placed additional controls on workstations and servers, reset user and systems accounts, and installed additional system monitoring controls. Similar measures are being put in place for IT systems across the public healthcare sector against this threat.

Investigations by CSA

8CSA has ascertained that the cyber attackers accessed the SingHealth IT system through an initial breach on a particular front-end workstation. They subsequently managed to obtain privileged account credentials to gain privileged access to the database. Upon discovery, the breach was immediately contained, preventing further illegal exfiltration.

Patient Engagement

9From today, SingHealth will be progressively contacting all patients who visited its specialist outpatient clinics and polyclinics from 1 May 2015 to 4 July 2018, to notify them if their data had been illegally exfiltrated. All the patients, whether or not their data were compromised, will receive an SMS notification over the next five days. Patients can also access the Health Buddy mobile app or SingHealth website to check if they are affected by this incident.

Further Actions

10MOH has directed IHiS to conduct a thorough review of our public healthcare system, with support from third-party experts, to improve cyber threat prevention, detection and response. Areas of review will include cybersecurity policies, threat management processes, IT system controls and organisational and staff capabilities. Advisories have been sent to all healthcare institutions, public and private, on the cybersecurity precautions and measures to be taken.

11The Government takes a serious view of any cyberattack, illegal access of data or action that compromises the confidentiality of data in Singapore. The Minister-in-Charge of Cyber Security will establish a Committee of Inquiry to conduct an independent external review of this incident.

Ministry of Communications and Information, and Ministry of Health20 July 2018

--------------------------------------------------------------------------------------------------------------------------[1]Integrated Health Information Systems (IHiS) is the technology agency for the public healthcare sector. It runs the public healthcare institutions’ IT systems.